Agent Formation schemas are primarily specification artifacts, but security issues can still arise (e.g., unsafe defaults, secret-handling bugs in templates, validator vulnerabilities).

Please do not open a public issue for security-sensitive reports.

Email: security@agentformation.org
Subject: "Agent Formation security report"

Include:

• description of the issue
• impact assessment
• reproduction steps or proof-of-concept
• any suggested mitigation

1. A maintainer will acknowledge receipt within 3 business days.
2. We will investigate and propose a fix.
3. We will coordinate a release.
4. After release, we will publish a short advisory.

Only the latest minor version line is supported for fixes.